December 2006
Intermediate to advanced
1188 pages
72h 8m
English
Content preview from Cisco IOS Cookbook, 2nd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Adjusting NAT Timers
Problem
You want to change the length of time that NAT entries remain active.
Solution
The router will keep NAT entries in the translation table for a configurable length of time. For TCP connections, the default timeout period is 86,400 seconds, or 24 hours. Because UDP is not connection based, the default timeout period is much shorter—only 300 seconds, or 5 minutes. The router will remove translation table entries for DNS queries after only 60 seconds.
You can adjust these parameters using the ip nat translation command, which accepts arguments in seconds:
Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router(config)#ip nat translation tcp-timeoutRouter(config)#500ip nat translation udp-timeoutRouter(config)#30ip nat translation dns-timeoutRouter(config)#30ip nat translation icmp-timeoutRouter(config)#30ip nat translation finrst-timeoutRouter(config)#30ip nat translation syn-timeoutRouter(config)#30endRouter#
To save router memory, you can also define a maximum number of NAT translation table entries:
Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z. Router(config)#ip nat translation max-entriesRouter(config)#1000endRouter#
Discussion
There are many reasons for adjusting these various timeout parameters; most are related to router performance. If sessions are generally short-lived, it is a waste of memory to maintain the NAT entries for a long time. The finrst-timeout and ...